In case it isn't obvious from my web sites, I am a hacker. The good kind. I enjoy
tinkering with computers, exploring networks, pushing hardware and
software to their limits, and especially open source programming. I
have been developing and distributing the free Nmap Security Scanner since 1997.
It scans your networks to determine what hosts are online, what
services (web servers, mail servers, etc.) they are offering, what OS
they are running, and more.

While my web sites and Nmap were created for fun and in the hope
that people would find them useful, they have become my full-time
occupation. I consider myself quite privileged to be able to spend
all my time on what I love. Revenue comes from a licensing
program that allows proprietary software and appliance vendors to
integrate and distribute Nmap technology within their products. This
is similar to the model taken by MySQL, Trolltech Qt, and Berkeley DB. Nmap's license
allows free use by end users or within larger open source packages.
My company, Insecure.Com LLC, also offers limited web
advertising.

I have gained much from the information and open source programs
available on the Internet, as well as the culture of sharing that
pervades the hacker community. I try to give a little back through my
programs, books, articles, web sites, and other projects I maintain.

Books and papers

In addition to writing software, I have authored or co-authored
several books:

Nmap Network Scanning is the
official guide to Nmap. From explaining port scanning basics for
novices to detailing low-level packet crafting methods used by
advanced hackers, this book by Nmap's original author suits all levels
of security and networking
professionals. The reference
guide documents every Nmap feature and option, while the remainder
demonstrates how to apply them to quickly solve real-world
tasks. Examples and diagrams show actual communication on the
wire. Topics include subverting firewalls and intrusion detection
systems, optimizing Nmap performance, and automating common networking
tasks with the Nmap Scripting Engine. More than half of the book is
available free
online.

My best-selling book is Stealing
the Network: How to Own a Continent. Kevin Mitnick, Jay
Beale, Joe Grand, FX, others, and I crafted a hacker-thriller detailing a
massive electronic financial heist. While the work is fiction, hacks
are described in depth using real technology such as Nmap, Hping2,
OpenSSL, etc. The book can be purchased
at Amazon, or you can read my chapter online
for free. When it first came out, STC ranked as the
second-highest selling computer book on Amazon.

OK, I didn't write this one, but I starred in it! In the comic book Hero-Z
Clustermind (11MB PDF), I save a kidnapped Nmap developer from a criminal
organization intent on misusing his hacking skills for evil.

I have also written many papers, most of which can be found on the Nmap docs page. Here are some of my favorites:

Nmap Reference Guide is available in a dozen languages and its 18 sections cover almost every aspect of Nmap.

Service and Application Version Detection describes how Nmap interrogates open ports to determine exactly what is running. This helps you locate forbidden/insecure services on your network, even when people try to hide them on unusual ports.

Preparing, traveling, and delivering good presentations takes a
substantial amount of time, so I must be selective about which
engagements I accept. Feel free to invite me to speak at your
conference, but don't be offended if I have to decline.

Interviews

I enjoy giving written (or video/audio in rare cases) interviews
for network security and technology publications. Here are some good
ones:

Patrick Gray interviewed me on his Risky Business podcast in December 2008 about recent improvements to Zenmap and my new book.

PaulDotCom Security Weekly audio podcast interviewed me in September 2008. New Nmap 4.75 features were covered, as well as advanced scanning tips, in this multi-hour interview. You can listen to part 1, then part 2, or read the episode notes.

If you have interesting questions and would like to interview me
for your publication or web site, send me email and I'll try to make
time.

Fyodor FAQ

Here are some questions that I get quite often:

Where did the nickname Fyodor come from?

Like many hackers, I enjoy reading. For a while in the early 90s I
was particularly enamored with Russian author Fyodor
Dostoevsky. Shortly after reading his Notes From
Underground, I logged onto a new BBS using the handle Fyodor as a
whim. It stuck. I'm a little embarrassed that a Google
search for Fyodor now lists me before Dostoevsky. I guess it is
hard to earn and maintain a decent PageRank when you're
dead.

I think my boyfriend is cheating on me. Will you help me hack his email account to find out?

No.

Will you do an interview for my web site, speak at my conference, or answer questions for the article I'm writing?

Maybe! Email me a proposal. I can't always say yes, but I will at least answer promptly.

I'm writing a book or web/journal article or producing a movie,
and Nmap is covered. Would you do a pre-publication technical
review?

Yes, I'm generally happy to do this.

Are you on any social networks?

Yes, I have personal accounts on Facebook, Twitter, and Google+. Feel free to follow/subscribe, but I only friend people that I actually know. I also run a separate account for Nmap news on Facebook, Twitter, and Google+.

How can I become a security expert/hacker?

It is a lot of work, but also rewarding. My take is in question #4
of my Slashdot
interview.

in fact, the only reason that i wonna learn to use the n map is to find some data abougth a girl that contacted me in some a page, an have fucking me each time i go online, as an free atitude, that i can't understand, anyways i'm a tecnic in coputing from a tecnical school but i'd learn only a bit of q basic. if you can help me with that i'll be thakfull foreve!

Major Nmap releases and important site news are posted to the
ad-free Nmap-hackers mailing list. You can join more than 60,000
current members from this
page. Traffic rarely exceeds 2 messages per month. You can also
read the archives or subscribe to the RSS feed at SecLists.Org. The other source for
breaking news is the front page of Insecure.Org. If you truly want to
keep abreast of all Nmap development, join the high traffic (hundreds
of messages per month) nmap-dev
list too.